dustymabe changed the topic of #fedora-coreos to: Fedora CoreOS :: Find out more at https://getfedora.org/coreos/ :: Logs at https://libera.irclog.whitequark.org/fedora-coreos
paragan has joined #fedora-coreos
jpn has joined #fedora-coreos
jpn has quit [Ping timeout: 240 seconds]
bgilbert has joined #fedora-coreos
bgilbert has quit [Ping timeout: 248 seconds]
jcajka has joined #fedora-coreos
jpn has joined #fedora-coreos
jpn has quit [Ping timeout: 260 seconds]
saschagrunert has joined #fedora-coreos
sentenza has quit [Remote host closed the connection]
gursewak has joined #fedora-coreos
jkonecny[m] has joined #fedora-coreos
<jkonecny[m]> Hi everyone, could someone please share with me what is the firewall status on FCOS? IIRC nftables is the recommended way, which is fine for me. However, I'm missing an official guide, tips and tricks etc... I'm not a firewall expert but I would like to use FCOS on my server and I would like to do it correctly.
<jkonecny[m]> Could someone here please guide me.
<jkonecny[m]> Right now I have a working configuration but I'm still confused how to correctly work with podman port forwarding in NFT
jpn has joined #fedora-coreos
c4rt0 has joined #fedora-coreos
jpn has quit [Ping timeout: 246 seconds]
jpn has joined #fedora-coreos
gursewak has quit [Ping timeout: 260 seconds]
paragan has quit [Quit: Leaving]
<travier[m]> jkonecny: See https://github.com/coreos/fedora-coreos-tracker/issues/467. We don't do anything specific in FCOS regarding firewall setup so that's more of a podman question on how to do things via nftables that interacts well with how podman works
<jkonecny[m]> travier: it is a podman question but I'm convinced that it should be documented and easily understandable here https://docs.fedoraproject.org/en-US/fedora-coreos/ -- especially if you want to promote CoreOS as a recommended solution for home servers
<travier[m]> We have https://github.com/coreos/fedora-coreos-docs/issues/247 to track documenting it
<jkonecny[m]> seems to be stale :(, but thanks for info
flokli has quit [Quit: WeeChat 3.8]
flokli has joined #fedora-coreos
Winor has joined #fedora-coreos
Winor has left #fedora-coreos [#fedora-coreos]
Winor has joined #fedora-coreos
<Winor> Hi, I was wondering if anyone here tried to install RKE2 on CoreOS and perhaps give me clues on how to proceed?
ravanelli has quit [Remote host closed the connection]
fifofonix has joined #fedora-coreos
Winor11 has joined #fedora-coreos
Winor is now known as Guest2770
Winor11 is now known as Winor
Guest2770 has quit [Ping timeout: 260 seconds]
Winor has quit [Ping timeout: 260 seconds]
jpn has quit [Ping timeout: 240 seconds]
saschagrunert has quit [Remote host closed the connection]
luna_ has joined #fedora-coreos
jlebon has joined #fedora-coreos
paragan has joined #fedora-coreos
nalind has joined #fedora-coreos
luna_ has left #fedora-coreos [#fedora-coreos]
jpn has joined #fedora-coreos
jpn has quit [Ping timeout: 256 seconds]
ravanelli has joined #fedora-coreos
samuelbernardo has quit [Quit: ZNC 1.8.2 - https://znc.in]
plarsen has joined #fedora-coreos
jpn has joined #fedora-coreos
<jlebon> dustymabe: have a question about https://github.com/coreos/fedora-coreos-tracker/issues/1470#issuecomment-1510599344 -- isn't that only true for kargs non-persistently set on firstboot?
baude has joined #fedora-coreos
<dustymabe> jlebon: maybe there's some nuance there that I'm not fully remembering
<dustymabe> it's been a while since I opened that PR
<jlebon> dustymabe: IIUC, that PR is to handle the case where network kargs are forwarded via the firstboot-network-kargs hack, but no-ops based on kargs already on disk in the BLS should work
<jlebon> and since coreos-installer's --append-karg changes the BLS itself, that should work
<dustymabe> ok, yeah I need to dig into it again
<jlebon> +1
<dustymabe> jlebon: it looks like quay has been a little less reliable recently. seeing issues running the build-cosa job lately
<dustymabe> it seems like it just takes a long time for the tag to show up when querying the registry
<dustymabe> I guess the problem could be on the `podman push` side too
<jlebon> dustymabe: if it eventually did show up, maybe we can just bump the timeout for now?
<dustymabe> jlebon: that's the thing. I see it in quay (web interface)
<dustymabe> i wonder if somehow podman is caching results
<dustymabe> nope.. podman search --list-tags quay.io/coreos-assembler/staging --- doesn't show the tag
<dustymabe> weird
<dustymabe> podman search --list-tags quay.io/coreos-assembler/staging | grep 7c819e4
<dustymabe> ^^ gives nothing right now
<dustymabe> super weird. skopeo inspect shows the tags
<dustymabe> guess I can ask over in `podman`
<jlebon> hmm, weird indeed
<jlebon> if skopeo does the right thing, I guess we could switch to using that
<jlebon> but yeah, would be good to figure out what's going on
<dustymabe> do you see the problem if you run the commands?
<jlebon> let me check
<jlebon> yup, indeed
<jlebon> dustymabe: ahhh, try with --limit 100
<jlebon> looks like podman defaults to only showing 25
ravanelli has quit [Remote host closed the connection]
<jlebon> we have a bunch of stale tags in there
<dustymabe> wow
ravanelli has joined #fedora-coreos
<jlebon> but anyway, i think we should rework this to query the specific tag instead of listing them all
samuelbernardo has joined #fedora-coreos
<dustymabe> yeah that's a good idea
<jlebon> i can try to whip something up, but we'll probably have to delete some tags to get out of this (so that the patched cosa gets in)
<dustymabe> we can just delete them all
<jlebon> +1
<dustymabe> the staging repo is just for staging
<dustymabe> though, we do need to clean up the tags in the main repo
<dustymabe> a bunch of junk in there
<dustymabe> i'll make a hackmd to collab on that
<jlebon> dustymabe: leave some in staging for testing
<dustymabe> jlebon: for prod https://hackmd.io/qjjaGS3PSR2eDVWErXoWMw
<dustymabe> I added a * to the ones that I think we should delete
<dustymabe> I haven't touched staging - will wait for instruction from you
<dustymabe> cverna: are you good to run the releases this week?
<dustymabe> c4rt0: maybe next round you can shadow someone on the releases and then enter the rotation at some point
<c4rt0> Sounds good to me!
<dustymabe> jlebon: i guess we need to get COSA built before we can start the pipeline builds huh? because of the gce/gcp thing?
<dustymabe> or was backwards compat preserved?
<jlebon> dustymabe: it was not :( we could revert the pipeline PR i guess, though i'm currently testing a patch
<dustymabe> +1
mheon has joined #fedora-coreos
<cverna> dustymabe: yes, I can. I was waiting in case there was anything special to do before. But I can pick them up
<dustymabe> cverna: +1
<dustymabe> i think we need a new COSA built, but after that we should be good to go
<dustymabe> jlebon: should I clean up a few tags in that staging repo so we can get the new COSA built (doesn't require your new PR)?
* dustymabe goes to push delete buttons
<dustymabe> cverna: once this job finishes with success you can go ahead and start the builds: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/blue/organizations/jenkins/build-cosa/detail/build-cosa/439/pipeline
<jlebon> dustymabe: yeah sounds good
<dustymabe> cverna: note that we already did the `testing` build last Friday
<dustymabe> (see checklist in streams ticket)
<cverna> 👍️
jpn has quit [Ping timeout: 252 seconds]
<dustymabe> cverna: looks like the cosa was pushed
jpn has joined #fedora-coreos
cyberpear has joined #fedora-coreos
<cverna> Ok, so I am good with the default cosa in the build parameters?
<dustymabe> yep
<dustymabe> for stable and next
gursewak has joined #fedora-coreos
<cverna> ok thanks
gursewak has quit [Ping timeout: 240 seconds]
<cverna> to confirm for the testing release job do I need this cosa --> quay.io/coreos-assembler/coreos-assembler:v38.20230414.1.0?
baude has quit [Quit: Leaving]
baude has joined #fedora-coreos
<dustymabe> cverna: no - just run with the latest
<cverna> Ok :)
bgilbert has joined #fedora-coreos
paragan has quit [Quit: Leaving]
jcajka has quit [Quit: Leaving]
<cverna> Do we still do a next release this week? since the last one was last week?
<dustymabe> cverna: yes.
<dustymabe> it will be the latest updates released for f38 (i.e. all the things that were held up by freeze)
<cverna> Ack
jpn has quit [Ping timeout: 252 seconds]
jpn has joined #fedora-coreos
c4rt0 has quit [Ping timeout: 246 seconds]
c4rt0 has joined #fedora-coreos
c4rt0 has quit [Ping timeout: 252 seconds]
c4rt0 has joined #fedora-coreos
Betal has joined #fedora-coreos
c4rt0 has quit [Quit: Leaving.]
vgoyal has joined #fedora-coreos
ravanelli has quit [Remote host closed the connection]
ravanelli has joined #fedora-coreos
heldwin has joined #fedora-coreos
jpn has quit [Ping timeout: 252 seconds]
ravanelli has quit [Remote host closed the connection]
ravanelli has joined #fedora-coreos
ravanelli has quit [Ping timeout: 276 seconds]
jpn has joined #fedora-coreos
fifofonix has quit [Read error: Connection reset by peer]
jpn has quit [Ping timeout: 240 seconds]
ravanelli has joined #fedora-coreos
ravanelli has quit [Remote host closed the connection]
ravanelli has joined #fedora-coreos
jpn has joined #fedora-coreos
jpn has quit [Ping timeout: 248 seconds]
gursewak has joined #fedora-coreos
jpn has joined #fedora-coreos
jpn has quit [Ping timeout: 240 seconds]
nalind has quit [Quit: bye for now]
fifofonix has joined #fedora-coreos
sentenza has joined #fedora-coreos
ravanelli has quit [Remote host closed the connection]
ravanelli has joined #fedora-coreos
jpn has joined #fedora-coreos
jpn has quit [Ping timeout: 240 seconds]
ravanelli has quit [Remote host closed the connection]
vgoyal has quit [Ping timeout: 240 seconds]
plarsen has quit [Quit: NullPointerException!]
mheon has quit [Ping timeout: 255 seconds]